By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user into saving the document and convincing the user to send the document back to the attacker. The vulnerability is mitigated by the need for the attacker to know the precise file path in the target system, and the need to trick the user into saving the document and sending it back.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/96402 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1037893 | Issue Tracking Third Party Advisory VDB Entry |
https://access.redhat.com/errata/RHSA-2017:0914 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2017:0979 | Third Party Advisory |
https://www.debian.org/security/2017/dsa-3792 | Issue Tracking Third Party Advisory |
https://www.openoffice.org/security/cves/CVE-2017-3157.html | Issue Tracking Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2017-11-19T00:00:00
Updated: 2018-01-04T19:57:01
Reserved: 2016-12-05T00:00:00
Link: CVE-2017-3157
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-11-20T20:29:00.543
Modified: 2019-05-08T18:51:46.950
Link: CVE-2017-3157
JSON object: View
Redhat Information
No data.
CWE